π΄ John McAfee Indicted on Tax Charges π΄
π Read
via "Dark Reading".
The indictment alleging tax evasion and failure to file returns was unsealed after his arrest in Spain.π Read
via "Dark Reading".
Dark Reading
John McAfee Indicted on Tax Charges
The indictment alleging tax evasion and failure to file returns was unsealed after his arrest in Spain.
βΌ CVE-2020-26572 βΌ
π Read
via "National Vulnerability Database".
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26571 βΌ
π Read
via "National Vulnerability Database".
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5632 βΌ
π Read
via "National Vulnerability Database".
InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files.π Read
via "National Vulnerability Database".
π Recon Informer 1.2 π
π Read
via "Packet Storm Security".
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.π Read
via "Packet Storm Security".
Packetstormsecurity
Recon Informer 1.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Gone phishing: workplace email security in five steps β
π Read
via "Naked Security".
David Mitchell, Senior Director of Email Product Management at Sophos, shares his top tips to optimize workplace email security.π Read
via "Naked Security".
Naked Security
Gone phishing: workplace email security in five steps
David Mitchell, Senior Director of Email Product Management at Sophos, shares his top tips to optimize workplace email security.
β Unpatched Apple T2 Chip Flaw Plagues Macs β
π Read
via "Threat Post".
A researcher claims that the issue can be exploited by attackers in order to gain root access.π Read
via "Threat Post".
Threat Post
Unpatched Apple T2 Chip Flaw Plagues Macs
A researcher claims, the issue can be exploited by attackers with physical access to to a Mac, in order to gain root access.
π΄ 6 Best Practices for Using Open Source Software Safely π΄
π Read
via "Dark Reading".
Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.π Read
via "Dark Reading".
Dark Reading
6 Best Practices for Using Open Source Software Safely
Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.
βΌ CVE-2020-25613 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23832 βΌ
π Read
via "National Vulnerability Database".
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.π Read
via "National Vulnerability Database".
π¦Ώ How to defend your organization against the surge in ransomware attacks π¦Ώ
π Read
via "Tech Republic".
Ransomware attacks doubled in the US over the last three months, says Check Point Research.π Read
via "Tech Republic".
TechRepublic
How to defend your organization against the surge in ransomware attacks
Ransomware attacks doubled in the US over the last three months, says Check Point Research.
β APT Attack Injects Malware into Windows Error Reporting β
π Read
via "Threat Post".
The fileless attack uses a phishing campaign that lures victims with information about a workerβs compensation claim.π Read
via "Threat Post".
Threat Post
APT Attack Injects Malware into Windows Error Reporting
The fileless attack uses a phishing campaign that lures victims with information about a workers' compensation claim.
β COVID-19 Clinical Trials Slowed After Ransomware Attack β
π Read
via "Threat Post".
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.π Read
via "Threat Post".
Threat Post
COVID-19 Clinical Trials Slowed After Ransomware Attack
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest it could be a nation-state actor behind the incident.
π What is ITAR Compliance? 2020 ITAR Regulations, Fines, Certifications & More π
π Read
via "Digital Guardian".
Learn about ITAR compliance in Data Protection 101, our series on the fundamentals of information security.π Read
via "Digital Guardian".
Digitalguardian
What is ITAR Compliance? (Regulations, Fines, & More)
Companies must register with the DDTC and know what is required of them to be ITAR compliant and then certify that they possess that knowledge.
π΄ Malware for Ad Fraud Gets More Sophisticated π΄
π Read
via "Dark Reading".
Facebook says SilentFade campaign disabled notifications that could have warned users that their accounts had been compromised.π Read
via "Dark Reading".
Dark Reading
Malware for Ad Fraud Gets More Sophisticated
Facebook says SilentFade campaign disabled notifications that could have warned users that their accounts had been compromised.
β Naked Security Podcast β weβre back for Series 3! β
π Read
via "Naked Security".
Join us weekly for the Naked Security Podcast - back for Series 3 and available wherever good podcasts are found!π Read
via "Naked Security".
Naked Security
Naked Security Podcast β weβre back for Series 3!
Join us weekly for the Naked Security Podcast β back for Series 3 and available wherever good podcasts are found!
β Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors β
π Read
via "Threat Post".
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.π Read
via "Threat Post".
Threat Post
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
βΌ CVE-2020-25742 βΌ
π Read
via "National Vulnerability Database".
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25803 βΌ
π Read
via "National Vulnerability Database".
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.π Read
via "National Vulnerability Database".
π¦Ώ Wi-Fi security: FBI warns of risks of using wireless hotel networks π¦Ώ
π Read
via "Tech Republic".
Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.π Read
via "Tech Republic".
TechRepublic
Wi-Fi security: FBI warns of risks of using wireless hotel networks
Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.
π Lynis Auditing Tool 3.0.1 π
π Read
via "Packet Storm Security".
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.π Read
via "Packet Storm Security".
Packetstormsecurity
Lynis Auditing Tool 3.0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers